Documentation ¶
Overview ¶
Package auth is responsible for authentication
Index ¶
- Constants
- Variables
- func NewService(opts Options) *service
- func NewTeamCommand(httpClient *http.Client) *cobra.Command
- func NewUserCommand(httpClient *http.Client) *cobra.Command
- type AuthService
- type Client
- func (c *Client) AddTeamMembership(ctx context.Context, opts TeamMembershipOptions) error
- func (c *Client) CreateTeam(ctx context.Context, organization string, opts CreateTeamOptions) (*Team, error)
- func (c *Client) CreateUser(ctx context.Context, username string, _ ...NewUserOption) (*User, error)
- func (c *Client) DeleteTeam(ctx context.Context, id string) error
- func (c *Client) DeleteUser(ctx context.Context, username string) error
- func (c *Client) GetTeam(ctx context.Context, organization, name string) (*Team, error)
- func (c *Client) RemoveTeamMembership(ctx context.Context, opts TeamMembershipOptions) error
- type CreateTeamOptions
- type NewUserOption
- type Options
- type OrganizationAccess
- type OrganizationAccessOptions
- type OrganizationService
- type Team
- type TeamCLI
- type TeamMembershipOptions
- type TeamService
- type UpdateTeamOptions
- type User
- func (u *User) CanAccessOrganization(action rbac.Action, org string) bool
- func (u *User) CanAccessSite(action rbac.Action) bool
- func (u *User) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool
- func (u *User) IsOwner(organization string) bool
- func (u *User) IsSiteAdmin() bool
- func (u *User) IsTeamMember(teamID string) bool
- func (u *User) Organizations() []string
- func (u *User) String() string
- type UserCLI
- type UserListOptions
- type UserService
- type UserSpec
Constants ¶
const ( SiteAdminID = "user-site-admin" SiteAdminUsername = "site-admin" )
Variables ¶
var ErrCannotDeleteOnlyOwner = errors.New("cannot remove the last owner")
var ErrRemovingOwnersTeamNotPermitted = errors.New("the owners team cannot be deleted")
var (
SiteAdmin = User{ID: SiteAdminID, Username: SiteAdminUsername}
)
Functions ¶
func NewService ¶
func NewService(opts Options) *service
Types ¶
type AuthService ¶
type AuthService interface { TeamService UserService }
type Client ¶
type Client struct { internal.JSONAPIClient AuthService }
func (*Client) AddTeamMembership ¶
func (c *Client) AddTeamMembership(ctx context.Context, opts TeamMembershipOptions) error
AddTeamMembership adds users to a team via HTTP.
func (*Client) CreateTeam ¶
func (c *Client) CreateTeam(ctx context.Context, organization string, opts CreateTeamOptions) (*Team, error)
CreateTeam creates a team via HTTP/JSONAPI.
func (*Client) CreateUser ¶
func (c *Client) CreateUser(ctx context.Context, username string, _ ...NewUserOption) (*User, error)
CreateUser creates a user via HTTP/JSONAPI. Options are ignored.
func (*Client) DeleteTeam ¶
DeleteTeam deletes a team via HTTP/JSONAPI.
func (*Client) DeleteUser ¶
DeleteUser deletes a user via HTTP/JSONAPI.
func (*Client) RemoveTeamMembership ¶
func (c *Client) RemoveTeamMembership(ctx context.Context, opts TeamMembershipOptions) error
RemoveTeamMembership removes users from a team via HTTP.
type CreateTeamOptions ¶
type CreateTeamOptions struct { // Name of team to create Name *string `schema:"name,required"` OrganizationAccessOptions // TFE fields that OTF does not support but persists merely to pass the // go-tfe integration tests SSOTeamID *string Visibility *string }
type NewUserOption ¶
type NewUserOption func(*User)
func WithTeams ¶
func WithTeams(memberships ...*Team) NewUserOption
type Options ¶
type Options struct { *sql.DB *tfeapi.Responder html.Renderer internal.HostnameService organization.OrganizationService logr.Logger }
type OrganizationAccess ¶
type OrganizationAccess struct { ManageWorkspaces bool // admin access on all workspaces ManageVCS bool // manage VCS providers ManageModules bool // manage module registry // TFE fields that OTF does not support but persists merely to pass the // go-tfe integration tests ManageProviders bool ManagePolicies bool ManagePolicyOverrides bool }
OrganizationAccess defines a team's organization access.
type OrganizationAccessOptions ¶ added in v0.0.50
type OrganizationAccessOptions struct { ManageWorkspaces *bool `schema:"manage_workspaces"` ManageVCS *bool `schema:"manage_vcs"` ManageModules *bool `schema:"manage_modules"` // TFE fields that OTF does not support but persists merely to pass the // go-tfe integration tests ManageProviders *bool ManagePolicies *bool ManagePolicyOverrides *bool }
OrganizationAccessOptions defines access to be granted upon team creation or to grant/rescind to/from an existing team.
type OrganizationService ¶
type OrganizationService organization.Service
Aliases to disambiguate service names when embedded together.
type Team ¶
type Team struct { ID string CreatedAt time.Time Name string Organization string Access OrganizationAccess // TFE fields that OTF does not support but persists merely to pass the // go-tfe integration tests Visibility string SSOTeamID *string }
Team is a group of users sharing a level of authorization.
func CreateTestTeam ¶
func CreateTestTeam(t *testing.T, db *sql.DB, organization *organization.Organization) *Team
func (*Team) OrganizationAccess ¶
func (t *Team) OrganizationAccess() OrganizationAccess
func (*Team) Update ¶
func (t *Team) Update(opts UpdateTeamOptions) error
type TeamCLI ¶ added in v0.1.9
type TeamCLI struct {
AuthService
}
type TeamMembershipOptions ¶
type TeamService ¶
type TeamService interface { CreateTeam(ctx context.Context, organization string, opts CreateTeamOptions) (*Team, error) GetTeam(ctx context.Context, organization, team string) (*Team, error) GetTeamByID(ctx context.Context, teamID string) (*Team, error) ListTeams(ctx context.Context, organization string) ([]*Team, error) ListTeamMembers(ctx context.Context, teamID string) ([]*User, error) UpdateTeam(ctx context.Context, teamID string, opts UpdateTeamOptions) (*Team, error) DeleteTeam(ctx context.Context, teamID string) error }
type UpdateTeamOptions ¶
type UpdateTeamOptions struct { Name *string OrganizationAccessOptions // TFE fields that OTF does not support but persists merely to pass the // go-tfe integration tests SSOTeamID *string Visibility *string }
type User ¶
type User struct { ID string // ID uniquely identifies users CreatedAt time.Time UpdatedAt time.Time Username string // username is globally unique SiteAdmin bool // Indicates whether user is a site admin Teams []*Team // user belongs to many teams }
User represents an otf user account.
func NewUser ¶
func NewUser(username string, opts ...NewUserOption) *User
func UserFromContext ¶
UserFromContext retrieves a user from a context
func (*User) CanAccessOrganization ¶
func (*User) CanAccessWorkspace ¶
func (*User) IsSiteAdmin ¶
IsSiteAdmin determines whether user is a site admin. A user is a site admin in either of two cases: (1) their account has been promoted to site admin (think sudo) (2) the account is *the* site admin (think root)
func (*User) IsTeamMember ¶
IsTeamMember determines whether user is a member of the given team.
func (*User) Organizations ¶
Organizations returns the user's membership of organizations (indirectly via their membership of teams).
NOTE: always returns a non-nil slice
type UserCLI ¶ added in v0.1.9
type UserCLI struct {
UserService
}
type UserListOptions ¶
UserListOptions are options for the ListUsers endpoint.
type UserService ¶
type UserService interface { CreateUser(ctx context.Context, username string, opts ...NewUserOption) (*User, error) GetUser(ctx context.Context, spec UserSpec) (*User, error) ListUsers(ctx context.Context) ([]*User, error) ListOrganizationUsers(ctx context.Context, organization string) ([]*User, error) DeleteUser(ctx context.Context, username string) error AddTeamMembership(ctx context.Context, opts TeamMembershipOptions) error RemoveTeamMembership(ctx context.Context, opts TeamMembershipOptions) error SetSiteAdmins(ctx context.Context, usernames ...string) error }